
Issue 795107


Issue metadata

Status: Verified
Owner:
Closed: Dec 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Bug




libpasswordprovider failed in asan builder

Project Member Reported by manojgupta@chromium.org, Dec 14 2017

Issue description

https://build.chromium.org/p/chromiumos/builders/amd64-generic-asan/builds/22377

libpasswordprovider-0.0.1-r8:  * ASAN error detected:
libpasswordprovider-0.0.1-r8:  * =================================================================
libpasswordprovider-0.0.1-r8:  * ==17==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6210000010ff at pc 0x7fe0a58d77fb bp 0x7ffd32266580 sp 0x7ffd32265d28
libpasswordprovider-0.0.1-r8:  * READ of size 4096 at 0x6210000010ff thread T0
libpasswordprovider-0.0.1-r8:  *     #0 0x7fe0a58d77fa  (/var/cache/portage/chromeos-base/libpasswordprovider/out/Default/password_provider_test+0x387fa)
libpasswordprovider-0.0.1-r8:  *     #1 0x7fe0a520c7ee  (/usr/lib64/libstdc++.so.6+0xc47ee)
libpasswordprovider-0.0.1-r8:  *     #2 0x7fe0a599a22b  (/var/cache/portage/chromeos-base/libpasswordprovider/out/Default/password_provider_test+0xfb22b)
libpasswordprovider-0.0.1-r8:  *     #3 0x7fe0a5875998  (/usr/lib64/libgtest.so.0+0x47998)
libpasswordprovider-0.0.1-r8:  *     #4 0x7fe0a5854f18  (/usr/lib64/libgtest.so.0+0x26f18)
libpasswordprovider-0.0.1-r8:  *     #5 0x7fe0a58563dc  (/usr/lib64/libgtest.so.0+0x283dc)
libpasswordprovider-0.0.1-r8:  *     #6 0x7fe0a5856c16  (/usr/lib64/libgtest.so.0+0x28c16)
libpasswordprovider-0.0.1-r8:  *     #7 0x7fe0a5861176  (/usr/lib64/libgtest.so.0+0x33176)
libpasswordprovider-0.0.1-r8:  *     #8 0x7fe0a5876708  (/usr/lib64/libgtest.so.0+0x48708)
libpasswordprovider-0.0.1-r8:  *     #9 0x7fe0a5860e01  (/usr/lib64/libgtest.so.0+0x32e01)
libpasswordprovider-0.0.1-r8:  *     #10 0x7fe0a599e8d3  (/var/cache/portage/chromeos-base/libpasswordprovider/out/Default/password_provider_test+0xff8d3)
libpasswordprovider-0.0.1-r8:  *     #11 0x7fe0a46ab735  (/lib64/libc.so.6+0x20735)
libpasswordprovider-0.0.1-r8:  *     #12 0x7fe0a58c3ea8  (/var/cache/portage/chromeos-base/libpasswordprovider/out/Default/password_provider_test+0x24ea8)
libpasswordprovider-0.0.1-r8:  * 
libpasswordprovider-0.0.1-r8:  * 0x6210000010ff is located 0 bytes to the right of 4095-byte region [0x621000000100,0x6210000010ff)
libpasswordprovider-0.0.1-r8:  * allocated by thread T0 here:
libpasswordprovider-0.0.1-r8:  *     #0 0x7fe0a5991272  (/var/cache/portage/chromeos-base/libpasswordprovider/out/Default/password_provider_test+0xf2272)
libpasswordprovider-0.0.1-r8:  *     #1 0x7fe0a599a137  (/var/cache/portage/chromeos-base/libpasswordprovider/out/Default/password_provider_test+0xfb137)
libpasswordprovider-0.0.1-r8:  *     #2 0x7fe0a5875998  (/usr/lib64/libgtest.so.0+0x47998)
libpasswordprovider-0.0.1-r8:  *     #3 0x7fe0a5854f18  (/usr/lib64/libgtest.so.0+0x26f18)
libpasswordprovider-0.0.1-r8:  *     #4 0x7fe0a58563dc  (/usr/lib64/libgtest.so.0+0x283dc)
libpasswordprovider-0.0.1-r8:  *     #5 0x7fe0a5856c16  (/usr/lib64/libgtest.so.0+0x28c16)
libpasswordprovider-0.0.1-r8:  *     #6 0x7fe0a5861176  (/usr/lib64/libgtest.so.0+0x33176)
libpasswordprovider-0.0.1-r8:  *     #7 0x7fe0a5876708  (/usr/lib64/libgtest.so.0+0x48708)
libpasswordprovider-0.0.1-r8:  *     #8 0x7fe0a5860e01  (/usr/lib64/libgtest.so.0+0x32e01)
libpasswordprovider-0.0.1-r8:  *     #9 0x7fe0a599e8d3  (/var/cache/portage/chromeos-base/libpasswordprovider/out/Default/password_provider_test+0xff8d3)
libpasswordprovider-0.0.1-r8:  *     #10 0x7fe0a46ab735  (/lib64/libc.so.6+0x20735)
libpasswordprovider-0.0.1-r8:  *     #11 0x7fe0a58c3ea8  (/var/cache/portage/chromeos-base/libpasswordprovider/out/Default/password_provider_test+0x24ea8)
libpasswordprovider-0.0.1-r8:  * 
libpasswordprovider-0.0.1-r8:  * SUMMARY: AddressSanitizer: heap-buffer-overflow (/var/cache/portage/chromeos-base/libpasswordprovider/out/Default/password_provider_test+0x387fa) 
libpasswordprovider-0.0.1-r8:  * Shadow bytes around the buggy address:
libpasswordprovider-0.0.1-r8:  *   0x0c427fff81c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
libpasswordprovider-0.0.1-r8:  *   0x0c427fff81d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
libpasswordprovider-0.0.1-r8:  *   0x0c427fff81e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
libpasswordprovider-0.0.1-r8:  *   0x0c427fff81f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
libpasswordprovider-0.0.1-r8:  *   0x0c427fff8200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
libpasswordprovider-0.0.1-r8:  * =>0x0c427fff8210: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00[07]
libpasswordprovider-0.0.1-r8:  *   0x0c427fff8220: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
libpasswordprovider-0.0.1-r8:  *   0x0c427fff8230: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
libpasswordprovider-0.0.1-r8:  *   0x0c427fff8240: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
libpasswordprovider-0.0.1-r8:  *   0x0c427fff8250: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
libpasswordprovider-0.0.1-r8:  *   0x0c427fff8260: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
libpasswordprovider-0.0.1-r8:  * Shadow byte legend (one shadow byte represents 8 application bytes):
libpasswordprovider-0.0.1-r8:  *   Addressable:           00
libpasswordprovider-0.0.1-r8:  *   Partially addressable: 01 02 03 04 05 06 07 
libpasswordprovider-0.0.1-r8:  *   Heap left redzone:       fa
libpasswordprovider-0.0.1-r8:  *   Freed heap region:       fd
libpasswordprovider-0.0.1-r8:  *   Stack left redzone:      f1
libpasswordprovider-0.0.1-r8:  *   Stack mid redzone:       f2
libpasswordprovider-0.0.1-r8:  *   Stack right redzone:     f3
libpasswordprovider-0.0.1-r8:  *   Stack after return:      f5
libpasswordprovider-0.0.1-r8:  *   Stack use after scope:   f8
libpasswordprovider-0.0.1-r8:  *   Global redzone:          f9
libpasswordprovider-0.0.1-r8:  *   Global init order:       f6
libpasswordprovider-0.0.1-r8:  *   Poisoned by user:        f7
libpasswordprovider-0.0.1-r8:  *   Container overflow:      fc
libpasswordprovider-0.0.1-r8:  *   Array cookie:            ac
libpasswordprovider-0.0.1-r8:  *   Intra object redzone:    bb
libpasswordprovider-0.0.1-r8:  *   ASan internal:           fe
libpasswordprovider-0.0.1-r8:  *   Left alloca redzone:     ca
libpasswordprovider-0.0.1-r8:  *   Right alloca redzone:    cb
libpasswordprovider-0.0.1-r8:  * ==17==ABORTING
 
Components: Tests
Cc: laszio@chromium.org
Symbolized trace is
* READ of size 4096 at 0x6210000010ff thread T0
 *     #0 0x55e3f196a7fa in strlen ??:0:0
 *     #1 0x7fd11af297ae in std::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string(char const*, std::allocator<char> const&) ??:0:0
 *     #2 0x55e3f1a2d22b in password_provider::PasswordProviderTest_GetLongPassword_Test::TestBody() /build/amd64-generic/var/cache/portage/chromeos-base/libpasswordprovider/out/Default/../../../../../../../tmp/portage/chromeos-base/libpasswordprovider-0.0.1-r29/work/libpasswordprovider-0.0.1/libpasswordprovider/password_provider_test.cc:86:15
 *     #3 0x7fd11b591a48 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) ??:0:0
 *     #4 0x7fd11b570e08 in testing::Test::Run() ??:0:0
 *     #5 0x7fd11b57237c in testing::TestInfo::Run() ??:0:0
 *     #6 0x7fd11b572bb6 in testing::TestCase::Run() ??:0:0
 *     #7 0x7fd11b57d1c6 in testing::internal::UnitTestImpl::RunAllTests() ??:0:0
 *     #8 0x7fd11b5927b8 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) ??:0:0
 *     #9 0x7fd11b57ce51 in testing::UnitTest::Run() ??:0:0
 *     #10 0x55e3f1a318d3 in RUN_ALL_TESTS() /build/amd64-generic/var/cache/portage/chromeos-base/libpasswordprovider/out/Default/../../../../../../../usr/include/gtest/gtest.h:2233:46
 *     #11 0x55e3f1a318d3 in main /build/amd64-generic/var/cache/portage/chromeos-base/libpasswordprovider/out/Default/../../../../../../../tmp/portage/chromeos-base/libpasswordprovider-0.0.1-r29/work/libpasswordprovider-0.0.1/common-mk/testrunner.cc:16:0
 *     #12 0x7fd11a3c8735 in __libc_start_main /var/tmp/portage/cross-x86_64-cros-linux-gnu/glibc-2.23-r12/work/glibc-2.23/csu/../csu/libc-start.c:289:0
 *     #13 0x55e3f1956ea8 in _start ??:0:0
 * 
 * 0x6210000010ff is located 0 bytes to the right of 4095-byte region [0x621000000100,0x6210000010ff)
 * allocated by thread T0 here:
 *     #0 0x55e3f1a24272 in operator new[](unsigned long) ??:0:0
 *     #1 0x55e3f1a2d137 in std::_MakeUniq<char []>::__array std::make_unique<char []>(unsigned long) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/4.9.x/include/g++-v4/bits/unique_ptr.h:771:30
 *     #2 0x55e3f1a2d137 in password_provider::PasswordProviderTest_GetLongPassword_Test::TestBody() /build/amd64-generic/var/cache/portage/chromeos-base/libpasswordprovider/out/Default/../../../../../../../tmp/portage/chromeos-base/libpasswordprovider-0.0.1-r29/work/libpasswordprovider-0.0.1/libpasswordprovider/password_provider_test.cc:84:0
 *     #3 0x7fd11b591a48 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) ??:0:0
 *     #4 0x7fd11b570e08 in testing::Test::Run() ??:0:0
 *     #5 0x7fd11b57237c in testing::TestInfo::Run() ??:0:0
 *     #6 0x7fd11b572bb6 in testing::TestCase::Run() ??:0:0
 *     #7 0x7fd11b57d1c6 in testing::internal::UnitTestImpl::RunAllTests() ??:0:0
 *     #8 0x7fd11b5927b8 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) ??:0:0
 *     #9 0x7fd11b57ce51 in testing::UnitTest::Run() ??:0:0
 *     #10 0x55e3f1a318d3 in RUN_ALL_TESTS() /build/amd64-generic/var/cache/portage/chromeos-base/libpasswordprovider/out/Default/../../../../../../../usr/include/gtest/gtest.h:2233:46
 *     #11 0x55e3f1a318d3 in main /build/amd64-generic/var/cache/portage/chromeos-base/libpasswordprovider/out/Default/../../../../../../../tmp/portage/chromeos-base/libpasswordprovider-0.0.1-r29/work/libpasswordprovider-0.0.1/common-mk/testrunner.cc:16:0
 *     #12 0x7fd11a3c8735 in __libc_start_main /var/tmp/portage/cross-x86_64-cros-linux-gnu/glibc-2.23-r12/work/glibc-2.23/csu/../csu/libc-start.c:289:0
 *     #13 0x55e3f1956ea8 in _start ??:0:0
 * 
 * SUMMARY: AddressSanitizer: heap-buffer-overflow (/var/cache/port
Project Member

Comment 4 by bugdroid1@chromium.org, Dec 23 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform2/+/b6cb1e79ff52e1729d5cca38f64f763afc49b437

commit b6cb1e79ff52e1729d5cca38f64f763afc49b437
Author: Yunlian Jiang <yunlian@chromium.org>
Date: Sat Dec 23 01:47:41 2017

libpasswordprovider: fix a heap-buffer-overflow in unittest.

BUG= chromium:795107 
TEST=FEATURES="test" emerge-amd64-generic libpasswordprovider

Change-Id: Idc631165c26534ed830757e6abd164f37ebd9a67

[modify] https://crrev.com/b6cb1e79ff52e1729d5cca38f64f763afc49b437/libpasswordprovider/password_provider_test.cc

Owner: yunlian@chromium.org
Status: Verified (was: Untriaged)
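
The call shape the symbolized trace points at (a 4095-byte `std::make_unique<char[]>` buffer passed to the `std::string(const char*)` constructor, whose `strlen` reads past the allocation), next to two bounded alternatives. This is an added example, not the code from password_provider_test.cc or from the fix commit; the helper names and the 'a' fill byte are assumptions.

```cpp
#include <cstddef>
#include <cstring>
#include <memory>
#include <string>

// Constructed stand-in for the test buffer: `len` non-NUL bytes and no
// terminator, matching the 4095-byte region in the ASan report.
std::unique_ptr<char[]> MakeUnterminated(std::size_t len) {
  auto buf = std::make_unique<char[]>(len);
  std::memset(buf.get(), 'a', len);  // fill byte is an assumption
  return buf;
}

// Bounded check: memchr never reads past buf[len - 1], unlike strlen.
bool HasNulWithin(const char* buf, std::size_t len) {
  return std::memchr(buf, '\0', len) != nullptr;
}

// The flagged call shape: std::string(const char*) runs strlen and keeps
// reading until it finds a NUL. Only valid on a terminated buffer.
std::string FromCString(const char* buf) { return std::string(buf); }

// Bounded alternative 1: pass the length, so exactly `len` bytes are read.
std::string FromBytes(const char* buf, std::size_t len) {
  return std::string(buf, len);
}

// Bounded alternative 2: allocate len + 1 and terminate explicitly.
std::unique_ptr<char[]> MakeTerminated(std::size_t len) {
  auto buf = std::make_unique<char[]>(len + 1);
  std::memset(buf.get(), 'a', len);
  buf[len] = '\0';
  return buf;
}

int main() {
  constexpr std::size_t kLen = 4095;
  auto raw = MakeUnterminated(kLen);
  // FromCString(raw.get()) here would be the out-of-bounds read ASan caught.
  bool unterminated = !HasNulWithin(raw.get(), kLen);
  std::string a = FromBytes(raw.get(), kLen);
  auto fixed = MakeTerminated(kLen);
  std::string b = FromCString(fixed.get());  // safe: NUL at index kLen
  return (unterminated && a.size() == kLen && a == b) ? 0 : 1;
}
```

Building this with `-fsanitize=address` and uncommenting the `FromCString(raw.get())` call reproduces the same class of report: a `strlen` read ending 0 bytes to the right of the 4095-byte region.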
